Jonah,
  Sorry for the double reply.
https://issues.apache.org/jira/browse/MINIFICPP-396 is the ticket
corresponding to that PR. It may address your issue depending on whether or
not you are currently using the Context service to configure the RPG. It
may also address another issue preventing proper setup, but the CA trust
issue is likely not addressed with the PR I sent a few minutes ago.
  Thanks,
  Marc


On Fri, Feb 9, 2018 at 5:44 PM, Marc <phroc...@apache.org> wrote:

> Jonah,
>
>   There is a pull request to address some of the configuration of these
> objects since there were two routes to configure it ( Context Service and
> minifi.properties ) : https://github.com/apache/nifi-minifi-cpp/pull/263
> ; however,
>   I'm not sure this is your issue since the curl_easy_perform implies
> that the peer certificate cannot be authenticated -- "Peer certificate
> cannot be authenticated with given CA certificates"
>
>   Are you setting an SSL context service? Does the CA certificate path
> contain the entire trust chain?
>
>   Thanks,
>   Marc
>
> On Fri, Feb 9, 2018 at 5:20 PM, Jonah Husson <jo...@optimusride.com>
> wrote:
>
>> Hey All,
>>
>> Figured I'd shoot off an email before looking into issue reporting, in case
>> this is a product of my own stupidity rather than an actual bug.
>>
>> I'm trying to get MiNiFi communicating with a NiFi cluster on an internal
>> network running with SSL.  I'm able to connect to NiFi from a web browser
>> after importing the correct certificates, but attempting to actually
>> transfer a file with minifi produces the following result:
>>
>> [2018-02-09 15:45:55.136] [main] [info] MiNiFi started
>> [2018-02-09 15:45:57.923] [org::apache::nifi::minifi::processors::GetFile] [info] GetFile process /home/jonah/optimus/data/dynamic/ready_logs/testcopy2.txt
>> [2018-02-09 15:45:58.339] [org::apache::nifi::minifi::utils::HTTPClient] [debug] Setting callback for
>> [2018-02-09 15:45:58.401] [org::apache::nifi::minifi::core::ProcessSession] [info] Transferring 3b086abc-0dda-11e8-ab09-c85b769e9522 from GetFile to relationship success
>> [2018-02-09 15:45:58.438] [org::apache::nifi::minifi::RemoteProcessorGroupPort] [debug] Refreshing the peer list since there are none configured.
>> [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient] [debug] https://rs0.internal.optimusride.com:9093/nifi-api/site-to-site is a secure url
>> [2018-02-09 15:45:58.439] [org::apache::nifi::minifi::utils::HTTPClient] [debug] Submitting to https://rs0.internal.optimusride.com:9093/nifi-api/site-to-site
>> [2018-02-09 15:45:58.553] [org::apache::nifi::minifi::utils::HTTPClient] [error] curl_easy_perform() failed Peer certificate cannot be authenticated with given CA certificates
>>
>> [2018-02-09 15:45:58.553] [org::apache::nifi::minifi::RemoteProcessorGroupPort] [error] ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform() failed
>>
>> [2018-02-09 15:45:58.553] [org::apache::nifi::minifi::RemoteProcessorGroupPort] [debug] Obtained protocol from available_protocols_
>> [2018-02-09 15:45:58.553] [org::apache::nifi::minifi::RemoteProcessorGroupPort] [info] no protocol, yielding
>> [2018-02-09 15:46:01.541] [org::apache::nifi::minifi::utils::HTTPClient] [debug] Setting callback for
>> [2018-02-09 15:46:02.701] [org::apache::nifi::minifi::FlowController] [info] Stop Flow Controller
>> [2018-02-09 15:46:04.748] [org::apache::nifi::minifi::utils::HTTPClient] [debug] Setting callback for
>> [2018-02-09 15:46:05.137] [org::apache::nifi::minifi::FlowController] [info] Unload Flow Controller
>> [2018-02-09 15:46:05.137] [main] [info] MiNiFi exit
>>
>> I'm not entirely sure what I'm doing wrong here, I'm fairly sure my
>> certificate setup is fine.  NiFi's keystore has a cert/private key signed
>> by a CA I self-signed and created locally, its truststore has the public
>> key that corresponds to the client certificate and private key on MiNiFi,
>> and MiNiFi has the certificate used to sign the one in NiFi's keystore.
>>
>> The best guess I have stems from the fact that the log message <url> is a
>> secure url occurs, but the message that configure_secure_connection(CURL
>> *http_session) should play if it runs doesn't come up, which leads me to
>> believe that ssl_context_service_ isn't initialized properly for some
>> reason (see line 129 in /extensions/http-curl/HTTPClient.cpp, only place I
>> see either of those methods called).
>>
>> Let me know if you have any insight on this, frankly I haven't found much
>> documentation on the SSL setup for MiNiFi at all, so it's totally possible
>> I did something horribly wrong there.  I'd also be happy to make a bug
>> report if y'all think this warrants one.
>>
>> Best,
>> Jonah.
>>
>
>
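
Marc's question about whether the CA certificate path contains the entire trust chain can be checked offline. The script below is an added example, not part of the original thread or of MiNiFi's code: it builds a constructed root -> intermediate -> server PKI (all subjects and file names are made up, and the intermediate is an assumption that goes beyond the single-CA setup Jonah describes) and uses `openssl verify` to show which CA bundles let the server certificate validate.

```shell
#!/bin/sh
# Constructed test PKI: root CA -> intermediate CA -> server certificate.
# Every subject and file name here is made up for the example.
make_pki() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$d/ca.ext" &&
  # Self-signed root (the default openssl.cnf marks req -x509 output as a CA).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  # Intermediate CA signed by the root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate CA" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
  # Server certificate signed by the intermediate.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=nifi.example.internal" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# Print "trusted" if leaf $2 chains to a self-signed root using only bundle $1.
verify_with() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  then echo trusted; else echo untrusted; fi
}

chain_demo() {
  d=$(mktemp -d) && make_pki "$d" || return 1
  cat "$d/int.pem" "$d/root.pem" > "$d/full-chain.pem"
  echo "root only:           $(verify_with "$d/root.pem" "$d/srv.pem")"
  echo "intermediate only:   $(verify_with "$d/int.pem" "$d/srv.pem")"
  echo "root + intermediate: $(verify_with "$d/full-chain.pem" "$d/srv.pem")"
  rm -rf "$d"
}
chain_demo
```

`openssl verify` sees only the leaf certificate, which corresponds to a server that sends just its own certificate in the handshake; a server that also sends its intermediates lets a root-only bundle pass.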
